CVE-2024-36970

5.5 MEDIUM

📋 TL;DR

A deadlock vulnerability in the Linux kernel's iwlwifi wireless driver can cause system instability when multiple WiFi radios are present. The issue affects Linux systems with Intel WiFi hardware using the iwlwifi driver, potentially leading to denial of service conditions.

💻 Affected Systems

Products:
  • Linux kernel iwlwifi driver
Versions: Linux kernel 6.9 series (specifically versions with LED merge changes)
Operating Systems: Linux distributions using kernel 6.9
Default Config Vulnerable: ⚠️ Yes
Notes: Requires Intel WiFi hardware with iwlwifi driver and multiple WiFi radios (24+ mentioned in report)

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system lockup requiring hard reboot, disrupting all services on affected systems

🟠 Likely Case

WiFi connectivity loss and system instability when multiple iwlwifi radios are active

🟢 If Mitigated

Minor performance impact or no effect if systems have limited WiFi radios

🌐 Internet-Facing: LOW - Requires local system access and specific hardware configuration
🏢 Internal Only: MEDIUM - Can affect internal servers/workstations with multiple WiFi adapters

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploitation requires a specific hardware configuration, and the issue appears to be a reliability problem rather than a security vulnerability

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel with commit 3d913719df14c28c4d3819e7e6d150760222bda4 or d20013259539e2fde2deeac85354851097afdf9e

Vendor Advisory: https://git.kernel.org/stable/c/3d913719df14c28c4d3819e7e6d150760222bda4

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix
2. Reboot system
3. Verify iwlwifi module loads correctly

🔧 Temporary Workarounds

Disable WiFi radios


Reduce number of active iwlwifi radios below threshold

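sudo ip link set wlan0 down
# rmmod iwlwifi alone fails while the op-mode module (iwlmvm) still uses it, so unload both
sudo modprobe -r iwlmvm iwlwifi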

Use older kernel


Revert to Linux kernel version before 6.9

sudo apt install linux-image-6.8.0-xx-generic
sudo update-grub
sudo reboot

🧯 If You Can't Patch

  • Limit number of WiFi radios to fewer than 24 per system
  • Disable WiFi functionality on systems where wired networking is sufficient

🔍 How to Verify

Check if Vulnerable:

Check kernel version and iwlwifi module loading: uname -r && lsmod | grep iwlwifi

Check Version:

uname -r

Verify Fix Applied:

Check that the kernel source contains a fix commit (run inside the git tree the kernel was built from): git log --oneline | grep -E '3d913719df14|d20013259539'
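
The commands above report the kernel release and whether the module is loaded, but not how many radios iwlwifi drives. The script below is an added example, not code from the advisory or the kernel project: it combines the page's criteria (6.9-series kernel, iwlwifi radios, the 24+ radios from the report) into one triage result. The function names, the result labels and the sysfs layout noted in the comments are assumptions of the example.

```shell
#!/bin/sh
# Added example: triage one host against the criteria on this page
# (6.9-series kernel, radios bound to iwlwifi, 24+ radios in the report).
# Function names and result labels are made up for this example.

# Succeeds when RELEASE (as printed by `uname -r`) is a 6.9-series kernel.
kernel_in_affected_series() {
    case "$1" in
        6.9|6.9[!0-9]*) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints how many wireless PHYs are bound to the iwlwifi driver.
# Assumption: each radio appears as <root>/class/ieee80211/phyN and
# phyN/device/driver is a symlink whose last component is the driver name.
count_iwlwifi_radios() {
    cir_root="${1:-/sys}"
    cir_n=0
    for cir_phy in "$cir_root"/class/ieee80211/phy*; do
        [ -L "$cir_phy/device/driver" ] || continue
        cir_drv=$(basename "$(readlink "$cir_phy/device/driver")")
        if [ "$cir_drv" = "iwlwifi" ]; then
            cir_n=$((cir_n + 1))
        fi
    done
    echo "$cir_n"
}

# Prints a triage label for RELEASE and RADIO_COUNT.
assess() {
    if ! kernel_in_affected_series "$1" || [ "$2" -eq 0 ]; then
        echo "out-of-scope"        # not 6.9, or no iwlwifi radio present
    elif [ "$2" -ge 24 ]; then
        echo "matches-report"      # radio count reaches the reported 24+
    else
        echo "confirm-fix-commit"  # 6.9 with iwlwifi: check for the fix commits
    fi
}

# Report for the host this runs on.
echo "kernel=$(uname -r) iwlwifi_radios=$(count_iwlwifi_radios) result=$(assess "$(uname -r)" "$(count_iwlwifi_radios)")"
```

A result of confirm-fix-commit or matches-report means the host still needs the fix-commit check above; the script cannot tell a patched 6.9 build from an unpatched one.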

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages
  • iwlwifi module load failures
  • System lockup events in syslog

Network Indicators:

  • Sudden WiFi connectivity loss across multiple radios

SIEM Query:

source="kernel" AND ("panic" OR "deadlock" OR "iwlwifi")
